Mitigating DNS random subdomain DDoS attacks by distinct heavy hitters sketches

Shir Landau Feibish, Yehuda Afek, Anat Bremler-Barr, Edith Cohen, Michal Shagam

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

25 Scopus citations

Abstract

Random Subdomain DDoS attacks on the Domain Name System (DNS) infrastructure are becoming a popular vector in recent attacks (e.g., recent Mirai attack on Dyn). In these attacks, many queries are sent for a single or a few victim domains, yet they include highly varying non-existent subdomains generated randomly. Motivated by these attacks, we designed and implemented novel and efficient algorithms for distinct heavy hitters (dHH). A (classic) heavy hitter (HH) in a stream of elements is a key (e.g., the domain of a query) which appears in many elements (e.g., requests). When stream elements consist of ⟨key, subkey⟩ pairs (⟨domain, subdomain⟩), a distinct heavy hitter (dHH) is a key that is paired with a large number of different subkeys. Our algorithms dominate previous designs in both the asymptotic (theoretical) sense and practicality. Specifically, the new fixed-size algorithms are simple to code and have asymptotically optimal space-accuracy tradeoffs. Based on these algorithms, we build and implement a system for detection and mitigation of Random Subdomain DDoS attacks. We perform experimental evaluation, demonstrating the effectiveness of our algorithms.

Original language: English
Title of host publication: HotWeb 2017 - Proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies
Publisher: Association for Computing Machinery, Inc
ISBN (Electronic): 9781450355278
State: Published - 14 Oct 2017
Event: 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies, HotWeb 2017 - San Jose, United States
Duration: 14 Oct 2017 → …

Publication series

Name: HotWeb 2017 - Proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies

Conference

Conference: 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies, HotWeb 2017
Country/Territory: United States
City: San Jose
Period: 14/10/17 → …

Funding

Funders (funder number):
Blavatnik Cyber Security Councile
European Research Council (259085)
Ministry of Science and Technology, Israel
